On Sep 13, 2010, at 12:48 PM, Alex wrote:

> Hi,
> 
> We had a user report that their email was tagged with
> winnow.botnets.zu.zeus.4637.UNOFFICIAL, according to the logs. How can
> I track this, and determine which database it was that contains this
> pattern, and why it considered this email to contain this virus?
> 
> I can run the email through clamscan with the latest updates and it
> still finds the zeus virus.
> 
> I'd like to submit this to someone to reduce this false positive, but
> I really can't for privacy reasons. Is there something else I can do
> to help?

Alex,

That signature is not in our active database. When did you last update your
files? Zeus URLs and IPs come and go as machines are infected and cleaned, so
you must keep your rules current.

Tom

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
